text-to-speech
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill instructs the agent to execute `curl -fsSL https://cli.inference.sh | sh`, which is a piped remote execution pattern from an untrusted external domain. This allows a remote server to execute arbitrary code on the user's host system without any integrity checks or version pinning.
- External Downloads (HIGH): The skill relies on binaries and scripts from `inference.sh`, which is not listed as a trusted organization or repository.
- Command Execution (LOW): The skill requests permission for `Bash(infsh *)`, which allows the agent to execute any sub-command of the `infsh` CLI.
- Indirect Prompt Injection (LOW): The skill processes untrusted user-provided text for speech synthesis, creating an ingestion surface.
  - Ingestion points: The `--input` JSON parameter in `infsh app run` commands.
  - Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore embedded commands in the processed text.
  - Capability inventory: The `infsh` command allows execution of various remote applications via the Bash tool.
  - Sanitization: No sanitization or validation of the input text is mentioned or implemented in the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata